django-cms · fsbraun · May 22, 2024 · Apr 5, 2024 · May 16, 2024 · May 21, 2024
diff --git a/cms/templatetags/cms_tags.py b/cms/templatetags/cms_tags.py
@@ -20,7 +20,7 @@
 from django.template.loader import render_to_string
 from django.urls import reverse
 from django.utils.encoding import smart_str
-from django.utils.html import escape
+from django.utils.html import escape, strip_tags
 from django.utils.http import urlencode
 from django.utils.translation import (
  get_language,
@@ -407,7 +407,9 @@ def get_value(self, context, name, page_lookup):
  if page and name in self.valid_attributes:
  func = getattr(page, "get_%s" % name)
  ret_val = func(language=lang, fallback=True)
- if not isinstance(ret_val, datetime):
+ if name == 'page_title':
+ ret_val = strip_tags(ret_val)
+ elif not isinstance(ret_val, datetime):
  ret_val = escape(ret_val)
  return ret_val
  return ''

diff --git a/cms/tests/test_templatetags.py b/cms/tests/test_templatetags.py
@@ -11,7 +11,7 @@
 from django.test import RequestFactory
 from django.test.utils import override_settings
 from django.utils.encoding import force_str
-from django.utils.html import escape
+from django.utils.html import strip_tags
 from django.utils.timezone import now
 from django.utils.translation import override as force_language
 from djangocms_text_ckeditor.cms_plugins import TextPlugin
@@ -128,7 +128,7 @@ class FakeRequest:
  template = '{% load cms_tags %}{% page_attribute page_title %}'
  output = self.render_template_obj(template, {}, request)
  self.assertNotEqual(script, output)
- self.assertEqual(escape(script), output)
+ self.assertEqual(strip_tags(script), output)
 
  def test_json_encoder(self):
  self.assertEqual(json_filter(True), 'true')